/*
* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/

6import frisby = require('frisby')7import config from 'config'8
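/** Base URL of the application instance these API tests run against. */
const URL = 'http://localhost:3000'

/** Request header for the JSON login body sent in `beforeAll`. */
const jsonHeader = { 'content-type': 'application/json' }

/**
 * Session cookie header for the user logged in by `beforeAll`.
 * Typed as `string` instead of `any`: the only assignment is a
 * `token=…` template literal, so nothing wider is ever stored here.
 */
let authHeader: { Cookie: string }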
/**
 * Logs in once as jim@juice-sh.op before the suite runs and keeps the
 * returned session token as a Cookie header for the authenticated cases.
 */
beforeAll(() => {
  const credentials = {
    email: 'jim@juice-sh.op',
    password: 'ncc-1701'
  }
  return frisby.post(`${URL}/rest/user/login`, {
    headers: jsonHeader,
    body: credentials
  })
    .expect('status', 200)
    .then((response) => {
      // The token comes from the JSON login response, not from a Set-Cookie header.
      authHeader = { Cookie: `token=${response.json.authentication.token}` }
    })
})
describe('/profile', () => {
  /**
   * Expectations shared by the unauthenticated cases: the server answers with
   * the application's HTML error page instead of the profile view.
   * NOTE(review): the status is pinned to 500 (not 401/403) and the asserted
   * body names the framework via "(Express" — confirm this is the intended
   * contract for the endpoint before changing either assertion.
   */
  const expectBlockedErrorPage = (spec: ReturnType<typeof frisby.get>) => spec
    .expect('status', 500)
    .expect('header', 'content-type', /text\/html/)
    .expect('bodyContains', `<h1>${config.get<string>('application.name')} (Express`)
    .expect('bodyContains', 'Error: Blocked illegal activity')

  /** Multipart body used by both username-update cases. */
  const usernameForm = () => {
    const form = frisby.formData()
    form.append('username', 'Localhorst')
    return form
  }

  it('GET user profile is forbidden for unauthenticated user', () => {
    return expectBlockedErrorPage(frisby.get(`${URL}/profile`))
  })

  it('GET user profile of authenticated user', () => {
    return frisby.get(`${URL}/profile`, { headers: authHeader })
      .expect('status', 200)
      .expect('header', 'content-type', /text\/html/)
      .expect('bodyContains', 'id="email" type="email" name="email" value="jim@juice-sh.op"')
  })

  it('POST update username of authenticated user', () => {
    const form = usernameForm()
    return frisby.post(`${URL}/profile`, {
      // @ts-expect-error FIXME form.getHeaders() is not found
      headers: { 'Content-Type': form.getHeaders()['content-type'], Cookie: authHeader.Cookie },
      body: form,
      // Do not follow the redirect so the 302 itself can be asserted.
      redirect: 'manual'
    })
      .expect('status', 302)
  })

  xit('POST update username is forbidden for unauthenticated user', () => { // FIXME runs into "socket hang up"
    const form = usernameForm()
    return expectBlockedErrorPage(frisby.post(`${URL}/profile`, {
      // @ts-expect-error FIXME form.getHeaders() is not found
      headers: { 'Content-Type': form.getHeaders()['content-type'] },
      body: form
    }))
  })
})